New post.

[homepage.git] / blog / data / 2010-05-02-expired-passwords.txt

diff --git a/blog/data/2010-05-02-expired-passwords.txt b/blog/data/2010-05-02-expired-passwords.txt
index e1a3d35a8179dc3620809f7ee935750b9c9ae0dc..35d54c511b3276a569e4e23dbaa89d91888dc972 100644 (file)
--- a/blog/data/2010-05-02-expired-passwords.txt
+++ b/blog/data/2010-05-02-expired-passwords.txt
@@ -1,5 +1,5 @@
 Title: Forcing new users to change their password on first login
-Tags: english, nuug, debian edu
+Tags: english, nuug, debian edu, sikkerhet
 Date: 2010-05-02 13:47
 
 <p>One interesting feature in Active Directory, is the ability to
@@ -59,3 +59,16 @@ sure only the user itself have the account password?</p>
 
 <p>If you want to comment on or help out with implementing this for
 Debian Edu, please contact us on debian-edu@lists.debian.org.</p>
+
+<p>Update 2010-05-02 17:20: Paul Tötterman tells me on IRC that the
+shadow(8) page in Debian/testing now state that setting the date of
+last password change to zero (0) will force the password to be changed
+on the first login.  This was not mentioned in the manual in Lenny, so
+I did not notice this in my initial testing.  I have tested it on
+Squeeze, and '<tt>chage -d 0 username</tt>' do work there.  I have not
+tested it on Lenny yet.</p>
+
+<p>Update 2010-05-02-19:05: Jim Paris tells me via email that an
+equivalent command to expire a password is '<tt>passwd -e
+username</tt>', which insert zero into the date of the last password
+change.</p>